PassPack Featured on Lifehacker

Woke up this morning to find traffic spiking – what happened? PassPack was featured on Lifehacker.

“It especially shines on the web, though, because once you give PassPack the password data to your frequented web sites, you can turn on its coolest feature, which is an auto-login bookmarklet for all the sites you’ve entered into PassPack.”

Lifehacker Features Online Password Manager

Thanks to Lifehacker journalist Adam Pash for those kind words. Check out more of Adam’s articles here.

For those of you wondering how I hadn’t noticed earlier that we’d been featured on Lifehacker (I’m a faithful reader) – we started moving into our new office yesterday and wasn’t watching my feeds. What timing! I’ll try and get some pics up to the blog a little later on.


4 responses to “PassPack Featured on Lifehacker

  1. Hi Tara
    I love Passpack. I use it a lot. Can’t wait for the commercial release…. hopefully the extra interest sparked by the Lifehacker article will speed this on its way!

    Glad you got your responses in to some of the comments associated with the Lifehacker article. Some posters aren’t aware of host-proofing and also just how encryption works (I’m no expert but did read a couple of interesting ‘layman/popular’ books e.g. “The Code book, by Simon Singh” to give me more confidence in how strong encryption works).

    Anyway…. a couple of the Lifehacker posts do raise some points that you could respond to. Maybe its because they are also points that nag at me as well.. through lack my lack of understanding.

    (i) The pro’s & cons of opensource or proprietary software relating to security.

    (ii) Use of (online) password managers with online banking. This to me is the big question, as its potentially one of the most useful applications of Passpack but also perceived to be the most risky?

    I have a few online financial accounts. I could (but don’t) put my passwords for these into Passpack as in your T&C you don’t allow that (yet). Also there are all those websites that save your financial details (e.g. Paypal, Google checkout, amazon etc.). I guess when I think about it… where I want to use strong unique passwords (and therefore where Passpack would be most use) are the sites where I may be at most financial risk if hacked. Hence I find this a bit of a dilema.

    I reiterate I really like Passpack and use it a lot. I’d like to use it for all my secure logons.

    Keep up the good work.

  2. @Ray
    Hello – and thanks for this great comment. We also published a short article for newcomers to Host-Proof hosting here.

    Onto your questions:

    Open Source
    Actually, PassPack uses Open Source code, and we’ll release some of our own Open Source Libraries and techniques as well. I know we’ve been saying this for a while, but we’re always short for time, and it keeps getting pushed to the back of the list.

    Any coder with Firebug can actually check what the application is doing – no need for any special license, it’s just inherent to the way PassPack works (Javascript in your browser).

    I’m considering addressing the issue more in detail on the blog.

    Online Banking
    Thanks for reading the TAC! Much appreciated.

    Once we’re out of Beta, we’ll allow financial info to be stored. Part of coming out of Beta is going through the various (legal & technical) audits needed to be able to take on that responsibility. Working on it…

    Thanks again, I think I’ll go leave a similar comment over at Lifehacker now. I think I haven’t addressed these issues there yet.


  3. One of the most frustrating things I was reading yesterday was the number of uninformed comments. Early on, there were a number of people talking about how ANY online password management tool is insecure since you’re storing all your passwords in one place, online. They claimed that if you’re passwords are stored on the server then the webmaster has access and any of the other employees as well.

    That really ticked me off, because these were just ignorant comments from people who don’t understand the PassPack security model.

    Encryption and decryption occurs on the client side, right? Therefore, the ONLY information you guys keep in your DB’s and other systems are the encrypted hashes. Even when I log in using all the authentication necessary to log in, it’s still all done client side. Plus, it’s all over SSL.

    The only vulnerability PassPack possesses is one that plagues them all. The introduction of a keylogger (physical or software) on the client machine. Other than user education, there’s not much that can be done about that.

    I can’t imagine a solution that gets more secure than PassPack and still maintains a completely web based, 100% portable, platform independent application. I know I’ve always been a huge fan since I started using your service, but way to go PassPack! It just keeps getting better! Keep up the great work!

  4. Hello Jonathan.

    >> Encryption and decryption occurs on the client side, right?

    Yes, that’s correct.
    Thanks so much for the enthusiasm – I can’t tell you how reinvigorating it is to hear it.

    RE: Keyloggers. We’ve got some ideas for combating that too. We just need to roll these features out the door!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s